Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Bitcoin Observer
SHA256 checksum (bitcoin-observer_11.tgz) b0fe14d0a59bc00f565c9e848a8491eb4722e270064cc2f3d44cc65639791be6 SHA256 checksum (bitcoin-observer_10.tgz) a897207c33b3ac428a4f6ba23416dee5db13d6825baad88af3d08b01e1cfa271
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Bitcoin Observer

Overview
Details
The block chain serves as the public general ledger for all Bitcoin transactions, and as such contains a wealth of information. Using scripted inputs to connect to the Blockchain.info data API makes is possible to leverage Splunk to easily gain insight to the inner workings of the Bitcoin network.

Bitcoin Observer

This application connects to the blockchain.info website API to retrieve bitcoin blockchain data.

Requirements are a 6.x Splunk Enterprise install running on Linux.

Data colleciton is accomplished via 3 scripted inputs which rely on a local python install (not the version bundled with Splunk) and the blockchain module.

The module can be installed by running 'pip install blockchain' from the command prompt.

Script detail:

bcblock.py - Returns info related to the latest block. The script uses a local key file which is updated with the block_height of the most recent block. The script retrieves all of the transactions for each individual block.
bcchart.py - returns BTC values vs world currencies
bcstat.py - returns higher level stats for the bitcoin network

If there is a problem collecting data, attempt to run the scripts manually by running the corresponding wrapper scripts in the bin directory - bcblock.sh, bcstats.sh, bcchart.sh
Verify that the python path is correct, the blockchain module is installed and that there is connectivity with the blockchain.info site.

Splunked data is sent to the bitcoin index. When performing manual searches use index=bitcoin.
The "eventcat" field is used to label six different event types.
eventcat=block - high level block information
eventcat=transaction - details transaction objects for individual blocks.
eventcat=input_from - addresses that have received bitcoins and the corresponding amounts.
eventcat=output_to - addresses that have sent bitcoins and the corresponding amounts.
eventcat=stat - high level bitcoin network statisitics
eventcat=currency - bitcoin value vs foreign currencies

The 'block_height' field is used as a common identifier across the block, transaction, input_from, output_to event types.
The 'tx_index' field is used as a common identifier to link transaction events to input_from and output_to events.

Traversing a block to a bitcoin address follows this path:

block -> transaction -> input_from

block -> transaction -> output_to

Navigation:

There are 7 views available with the app.

'Meta Stats' and 'Miner Stats' contain overview stats and trends for the bitcoin network. This includes the current block height, transaction trends, hashrate, minutes between blocks, etc.

'Bitcoin Address Info' provides details on the most re-used bitcoin addresses in the last 24 hours. Drilling down on a bitcoin address in the pie charts provide a way to see transaction amounts for this address and a map detailing the location of the transaction.
A note about the accuracy of location information: Bitcoin uses peer-to-peer connections to share the transaction database called the "Blockchain". This app uses the blockchain.info
"Relayed by IP" address to determine location.
This is just the first IP address that blockchain.info saw broadcast the transaction, not necessarily the IP address that originated the transaction.
Mobile wallets and non-full nodes typically do not broadcast IP information.
More detail about how IP addresses are handled on the bitcoin network can be found here:
http://cointext.com/bitcoin-and-ip-address-privacy/

'Bitcoin Address Query' provides a form that allows a search on a specific bitcoin address to see historical transaction information.

'Block Explorer' provides a way to drill down to individual blocks and transactions to see specific transfer amounts.

'Currency Charts' provides a trend chart of bitcoin value vs a basket of currencies.

'GeoLocation' provides a world view map of recent transactions

Release Notes

Version 1.1
Oct. 23, 2017

Fixed a python module dependency

Version 1.0
Jan. 22, 2015

14
Installs
476
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2018 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.